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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 19 November 2003 . 
2a)G3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-31 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^1 Claim(s) 1-31 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. \ 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 
Priority under 35 U.S.C. §§119 and 120 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

13) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application) 

since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 
37 CFR 1.78. 

a) □ The translation of the foreign language provisional application has been received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific 

reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78. 
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Attach ment(s) 

1) □ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). 

2) CH Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) □ Information Disclosure Statement(s) (PTO-1 449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 

Response to Arguments 

1 . Applicant's arguments filed on November 19, 2003 have been fully considered 
but they are not persuasive. 

It is argued that the teachings of Ashe fail to disclose of the use of PIN data input 
by the user be encrypted or decrypted. The examiner respectfully disagrees for it is 
disclosed by Ashe of user entry of a PIN (col. 2, lines 5-6). The PIN is encrypted by a 
master algorithm and is stored on the card (col. 2, lines 7-9). 

It is additionally argued by the applicant that Ashe fails to disclose of "securely 
transmitting both PIN and non-PIN data over a public network such as the Internet." 
The examiner respectfully disagrees for it is disclosed of transferring data stored on the 
card to carry out a desired transaction (col. 2, lines 1 1-14). 

2. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., securely transmitting both PIN and non-PIN data over a public network such as the 
Internet) are not recited in the rejected independent claims 1,6,9,21, and 24. Although 
the claims are interpreted in light of the specification, limitations from the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 
(Fed. Cir. 1993). 
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Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1,6,9,14-19,21,34,24,26-29, and 31 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Ashe. 

As per claims 1 and 21, it is disclosed by Ashe of encrypting (encoding) 
proprietary (transaction) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1 , lines 45-47 & col. 2, lines 7-9). The PIN is encrypted by a master algorithm and 
is stored on the card (col. 2, lines 7-9). An encryption (performed second encryption 
operation) is performed on the propriety information (non-PIN data) by an encryption 
operation unique to the proprietor of the information (col. 1 , lines 37-44). Ashe 
discloses that the proprietary information (non-PIN data) is stored in a first portion of 
memory and the PIN data encrypted by a master algorithm is stored in a second portion 
of memory which is interpreted by the examiner as cryptographically isolated (col. 1, 
lines 37-47 and col. 2, lines 7-9). 

As per claims 6 and 24, it is disclosed by Ashe of encrypting (encoding) 
proprietary (transaction) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
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first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1, lines 45-47 & col. 2 f lines 7-9). The PIN is encrypted by a master algorithm and 
is stored on the card (col. 2, lines 7-9). An encryption (performed second encryption 
operation) is performed on the propriety information (non-PIN data) by an encryption 
operation unique to the proprietor of the information (col. 1, lines 37-44). Ashe 
discloses that the proprietary information (non-PIN data) is stored in a first portion of 
memory and the PIN data encrypted by a master algorithm is stored in a second portion 
of memory which is interpreted by the examiner as cryptographically isolated (col. 1, 
lines 37-47 and col. 2, lines 7-9). The examiner additionally interprets the teachings as 
including a first and second decryption operation since first and second encryption 
operations are performed on the respective portions of data. 

As per claim 9, it is disclosed by Ashe of encrypting (encoding) proprietary 
(account information) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1, lines 45-47 & col. 2, lines 7-9). The PIN is encrypted by a master algorithm and 
is stored on the card (col. 2, lines 7-9). An encryption (performed second encryption 
operation) is performed on the propriety information (non-PIN data) by an encryption 
operation unique to the proprietor of the information (col. 1, lines 37-44). Ashe 
discloses that the proprietary (account) information (non-PIN data) is stored in a first 
portion (block) of memory and the PIN data encrypted by a master algorithm is stored in 
a second portion (block) of memory which is interpreted by the examiner as being 
analyzed to be separated from each other (col. 1, lines 37-47 and col. 2, lines 7-9). 
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As per claim 14, Ashe discloses of encrypting (encoding) proprietary (account 
information) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed first 
encryption operation) by a master algorithm stored in memory of the smart card (col. 1 , 
lines 45-47 & col. 2, lines 7-9). Transactions are carried out by a user with a cash 
machine (col. 2, lines 13-14 & col. 3, lines 22-25) which is interpreted by the examiner 
as being financial information in regards to credit or debit purchases. 

As per claims 15,16,26, and 27, it is disclosed by Ashe of encrypting (encoding) 
proprietary (transaction) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1 , lines 45-47 & col. 2, lines 7-9). The PIN is encrypted by a master algorithm and 
is stored on the card (col. 2, lines 7-9). An encryption (performed second encryption 
operation) is performed on the propriety information (non-PIN data) by an encryption 
operation unique to the proprietor of the information (col. 1, lines 37-44). Ashe 
discloses that the proprietary information (non-PIN data) is stored in a first portion of 
memory and the PIN data encrypted by a master algorithm is stored in a second portion 
of memory (col. 1 , lines 37-47 and col. 2, lines 7-9). The holder's (authentication 
requestor) PIN is later retrieved, decrypted, and verified by the microprocessor of the 
machine (authorized agent) and the encrypted information or proprietary information 
(non-PIN data) is then decrypted (col. 2, lines 50-55 & col. 3, line 32 through col. 4, line 
8). It is noted by the examiner that the information on the card is transferred from the 
card to the machine during the verification process in order to conduct a transaction 
once the PIN is verified (col. 2, lines 50-55 & col. 3, line 32 through col. 4, line 8). 
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As per claims 16 and 27, Ashe discloses that the proprietary information (non- 
PIN data) is stored in a first portion of memory and the PIN data encrypted by a master 
algorithm is stored in a second portion of memory which is interpreted by the examiner 
as cryptographically isolated (col. 1, lines 37-47 and col. 2, lines 7-9). The examiner 
additionally interprets the teachings as including a first and second decryption operation 
since first and second encryption operations are performed on the respective portions of 
data. 

As per claims 17-19,28, and 29, the teachings of Ashe are relied upon for the use 
of encrypting (encoding) proprietary (transaction) data (col. 1, lines 37-41). A PIN is 
(only) encrypted (performed first encryption operation) by a master algorithm stored in 
memory of the smart card (col. 1 , lines 45-47 & col. 2, lines 7-9). An encryption 
(performed second encryption operation) is performed on the propriety information (non- 
PIN data) by an encryption operation unique to the proprietor of the information (col. 1, 
lines 37-44). The teachings of Ashe are silent in disclosing of using symmetric and 
asymmetric encryption. The examiner hereby takes official notice that the use of 
symmetric and asymmetric encryption is notoriously well known in the art. It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have 
been motivated to apply both symmetric and asymmetric encryption processes as 
separate encryption schemes to protect different data. Symmetric encryption is 
notoriously well known as a system involving two transformations, one from a source 
and the other from the recipient which make use the either the same secret keys or 
private keys. Asymmetric encryption is notoriously well known as being a system 
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involving two related transformations, one being a public key and the other being a 
private key whereby it is hard to determine the private key derivation from the public key 
derivation. The teachings of Ashe disclose of two encryption processes and it is 
obvious that the use of symmetric and asymmetric encryption could have been used as 
separate encryption schemes whereby the choice of the particular encryption process 
would have been predetermined based on the benefits of the particular type of particular 
encryption process and the strength of the encryption which is desired. 

As per claim 23, it is disclosed by Ashe of encrypting (encoding) proprietary 
(account information) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1, lines 45-47 & col. 2, lines 7-9). The card is placed into a slot with contactors 
(card reader) such as for a cash machine to read the information from the card (col. 3, 
lines 18-25,32-33). 

As per claim 31 , it is disclosed by Ashe of encrypting (encoding) proprietary 
(account information) data (col. 1, lines 37-41). A PIN is (only) encrypted (performed 
first encryption operation) by a master algorithm stored in memory of the smart card 
(col. 1 , lines 45-47 & col. 2, lines 7-9). It is inherent that a card reader is used in the 
teachings of Ashe to acquire the data since it is necessary for means to read the 
information stored on smart card to carry out the transaction (col. 2, lines 13-14). 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 2,3,5,7,8,10,12,14,20,22,25, and 30 rejected under 35 U.S.C. 103(a) as 
being unpatentable over Ashe. 

As per claims 2,7,10,22, and 25, the teachings of Ashe are relied upon for the 
use of encrypting (encoding) proprietary (transaction) data (col. 1, lines 37-41). A PIN is 
(only) encrypted (performed first encryption operation) by a master algorithm stored in 
memory of the smart card (col. 1, lines 45-47 & col. 2, lines 7-9). An encryption 
(performed second encryption operation) is performed on the propriety information (non- 
PIN data) by an encryption operation unique to the proprietor of the information (col. 1, 
lines 37-44). The teachings of Ashe are silent in disclosing of using symmetric and 
asymmetric encryption. The examiner hereby takes official notice that the use of 
symmetric and asymmetric encryption is notoriously well known in the art. It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have 
been motivated to apply both symmetric and asymmetric encryption processes as 
separate encryption schemes to protect different data. Symmetric encryption is 
notoriously well known as a system involving two transformations, one from a source 
and the other from the recipient which make use the either the same secret keys or 
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private keys. Asymmetric encryption is notoriously well known as being a system 
involving two related transformations, one being a public key and the other being a 
private key whereby it is hard to determine the private key derivation from the public key 
derivation. The teachings of Ashe disclose of two encryption processes and it is 
obvious that the use of symmetric and asymmetric encryption could have been used as 
separate encryption schemes whereby the choice of the particular encryption process 
would have been predetermined based on the benefits of the particular type of particular 
encryption process and the strength of the encryption which is desired. 

As per claims 3 and 1 1 , Ashe discloses of a unique (secret) key being encrypted 
(under a third encryption process) using a master key (col. 1 , lines 45-47). 

As per claims 5,8,13,20, and 30, the teachings of Ashe are relied upon for the 
use of encrypting (encoding) proprietary (transaction) data (col. 1, lines 37-41). A PIN is 
(only) encrypted (performed first encryption operation) by a master algorithm stored in 
memory of the smart card (col. 1 , lines 45-47 & col. 2, lines 7-9). An encryption 
(performed second encryption operation) is performed on the propriety information (non- 
PIN data) by an encryption operation unique to the proprietor of the information (col. 1, 
lines 37-44). The teachings of Ashe are silent in disclosing of calculating a digest by 
applying a one-way mathematical process and to append the digest for future 
verification. The examiner hereby takes official notice that the use of hashing to be 
appended to a file and later recomputing the hash to see if the information has not be 
altered based on the hash values matching is notoriously well known in the art. It would 
have been obvious to a person of ordinary skill in the art at the time of the invention to 
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have used hashing for data verification purposes. Hashing is notoriously well known as 
a one-way mathematical process which converts data to a specific value and when 
recomputing the data using the same hashing function should produce the same hash 
value which indicates that the data has maintained its integrity. Otherwise, if the 
recomputed hash values do not match with the original has value, then it is determined 
that the data has been altered. It is obvious that the teachings of Ashe would have 
benefitted from the use of hashing as a means of maintaining the integrity of the 
proprietary information since are directed towards a secure processing system (col. 1 , 
lines 36-41). 

5. Claims 4 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ashe in view of McKinsey. 

As per claims 4 and 12, the teachings of Ashe disclose of Ashe are relied upon 
for the use of encrypting (encoding) proprietary (transaction) data (col. 1, lines 37-41). 
A PIN is (only) encrypted (performed first encryption operation) by a master algorithm 
stored in memory of the smart card (col. 1, lines 45-47 & col. 2, lines 7-9). An 
encryption (performed second encryption operation) is performed on the propriety 
information (non-PIN data) by an encryption operation unique to the proprietor of the 
information (col. 1, lines 37-44). The teachings of Ashe are silent in disclosing of an 
encrypted envelope which includes PIN and non-PIN data. It is disclosed by McKinsey 
of a Cryptolope container (encrypted envelope) which includes content (non-PIN data) 
and control information (PIN data) to be transferred together and the content is 
encrypted with a symmetric key which is encrypted with a public key (pg 2 & 3). It 
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would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been motivated to apply a means for securely protecting data. 
McKinsey discloses motivation for the use of Cryptolope containers (encrypted 
envelopes) by reciting that it allows for both content (non-PIN data) and control 
information (PIN data) to be transferred together (pg 2). It is obvious that the teachings 
of Ashe would have benefitted from the disclosure of McKinsey as a means of 
transferring PIN and non-PIN together in a secure manner by means of a Cryptolope 
container (encrypted container) to allow for the protection of proprietary information from 
an illicit user. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 703- 
305-1843. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 



AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



January 28, 2004 




